Uganda has arrested an author and activist and a TV journalist for allegedly cyber stalking the country’s President, Yoweri Museveni. Author Norman Tumuhimbise and his colleague Farida Bikobere were reportedly bundled into a van by armed security personnel last week. The pair’s lawyer, Eron Kiiza, confirmed their arrest on Thursday to the news agency Agence France-Presse (AFP).
by Paul Ducklin The US Cybersecurity and Infrastructure Security Agency (CISA) has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. To sidestep rumours based on the title alone (which some readers might interpret as an attack
Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert Affiliate IDs and modify legitimate websites to exfiltrate personally identifiable information (PII) data. According to the Google Extension Chrome Store, the combined install base is 100,000 McAfee Labs
An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that
A spear-phishing study by security company Barracuda has found that a third of malicious logins into compromised accounts in 2021 came from Nigeria. The finding was included in the Spear Phishing: Top Threats and Trends Vol. 7 – Key findings on the latest social engineering tactics and the growing complexity of attacks report, released by the company on Wednesday. The
by Paul Ducklin OpenSSL published a security update this week. The new versions are 3.0.2 and 1.1.1n, corresponding to the two currently-supported flavours of OpenSSL (3.0 and 1.1.1). The patch includes a few general fixes, such as error reporting that’s been tidied up, along with an update for CVE-2022-0778, found by well-known bug eliminator Tavis
It’s the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will sure to follow—along with online betting scams. Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states
Cyberattacks against data centers may ultimately be everyone’s problem – how prepared are their operators for the heightened risk of cyber-assaults? As the war in Ukraine continues, so does the potential for further escalation in kinetic hostilities. At the same time, the odds that the conflict may lead to major cyberattacks against targets beyond Ukraine’s
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891,
Cyber-criminals are impersonating legitimate aid organizations to steal financial donations intended for the people of Ukraine, according to new research by managed detection and response provider, Expel. Analysis of attack vectors and incident trends performed by the company’s security operations center (SOC) for Expel’s February Attack Vectors Threat Report found multiple phishing emails referencing the invasion of Ukraine to
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
I’m about to tell you an extraordinary fact about cybercrime. Some of the most significant data breaches in internet history weren’t after bank account numbers, cryptocurrency, or even credit card numbers. They were, in fact, after YOU. That’s right, the most valuable data on the internet is the data that comprises your identity. Let’s take
The US military knows it needs to speed up technology adoption through optimization, something at the heart of Silicon Valley culture The U.S. military won’t soon be adopting open-plan work environments, flexible PTO, free ubiquitous food, and lean manufacturing processes, although Silicon Valley wants it to. At the recent Rocky Mountain Cyberspace Symposium, both were
In what’s yet another act of sabotage, the developer behind the popular “node-ipc” NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting
Sioux Falls City Council has approved a $10m appropriation toward a Dakota State University (DSU) cybersecurity lab. The funding for the project, which could bring 650 jobs to the Sioux Falls and Madison areas, was approved by a unanimous vote on Tuesday night. Dakota State University announced its $90m Applied Research Lab (ARL) project on January 26 2022. The
by Paul Ducklin Last year, we wrote about a research paper from SophosLabs that investigated malware known as CryptoRom, an intriguing, albeit disheartening, nexus in the cybercrime underworld. This “confluence of criminality” saw cybercrooks adopting the same techniques as romance scammers to peddle fake cryptocurrency apps instead of false love, and fleece victims out of
An overview of some of the most popular open-source tools for threat intelligence and threat hunting As the term threat intelligence can be easily confounded with threat hunting, we will first endeavor to outline some of the differences between them. Threat intelligence refers to the aggregation and enrichment of data to create a recognizable profile
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360’s Netlab security team called it B1txor20 “based on its propagation using the file name ‘b1t,’ the XOR encryption algorithm, and the RC4 algorithm
The highest court in the United Kingdom has refused to hear an appeal by WikiLeaks founder Julian Assange against his extradition to the United States to face espionage charges. Australian citizen Assange was indicted by the US Department of Justice in 2019 over his alleged involvement in the acquisition and publication of thousands of classified US diplomatic and
by Paul Ducklin The latest raft of non-emergency Apple security updates are out, patching a total of 87 different CVE-rated software bugs across all Apple products and plaforms. There are 10 security bulletins for this bunch of updates, as follows: APPLE-SA-2022-03-14-1: iOS 15.4 and iPadOS 15.4 (HT213182) APPLE-SA-2022-03-14-2: watchOS 8.5 (HT213193) APPLE-SA-2022-03-14-3: tvOS 15.4 (HT213186)
A-list celebrities and social media influencers are now adding their voices to the roar of other cryptocurrency fans asking you to join them in the investments of the future. It’s impossible to deny the grip cryptocurrencies have on the world today, for better or worse. In some industries, they speed the pace of business and
This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine. Dubbed CaddyWiper by ESET analysts, the malware was first detected at 11.38 a.m.
As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively.
Police in Manitoba, Canada, have arrested an 18-year-old man on suspicion of carrying out cyber-attacks on victims across North America. Dayne Parrott-Jones, of Brandon, was taken into custody on March 8 by members of the Brandon Police Service Crime Suppression Unit following an 11-month investigation by the Federal Bureau of Investigation (FBI) and police forces
by Paul Ducklin Ever wanted or needed to buy or sell cryptocoins on a whim, without going online? Ever felt like cashing in 100,000 Satoshis or so at 3am to treat your party buddies to a kebab-fest on the way home from a big night out? Well, if you live in the UK, you can’t
Whether it’s for routine care, a prescription refill, or a simple follow-up, online doctor visits offer tremendous benefits in terms of both convenience and ease of care—all good reasons to help mom and dad get connected with it. There’s no doubt that more older adults than ever are taking advantage of online doctor visits, more
French video game company Ubisoft on Friday confirmed it was a victim of a “cyber security incident,” causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. “Also, we can confirm
A former employee of the Canadian government has been extradited to the United States to face charges pertaining to a slew of ransomware attacks. Sebastien Vachon-Desjardins, 34, of Gatineau, Quebec, is accused of using NetWalker ransomware to target dozens of victims all over the world, including hospitals and school districts. The United States launched a global action against the
Meta Platforms’ WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service’s web app on desktop computers. Available in the form of a Chrome and Edge browser extension, the open-source add-on is designed to “automatically verif[y] the authenticity of the WhatsApp Web code being
French bank BNP Paribas has reportedly blocked its Russian-based employees from accessing its internal computer systems. According to a Reuters source, the bank rescinded the access privileges of its Russian workforce over fears that connections to the local network could leave BNP Paribas vulnerable to cyber-attacks by Russian threat actors. The restriction is reportedly part of the French lender’s
- « Previous Page
- 1
- …
- 79
- 80
- 81
- 82
- 83
- …
- 114
- Next Page »